Latest Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2013-11-30 CVE-2013-6918 Permissions, Privileges, and Access Controls vulnerability in Satechi Smart Travel Router 1.5
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests.
5.8
2013-11-30 CVE-2013-5636 Credentials Management vulnerability in Checkpoint Endpoint Security
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.
3.3
2013-11-30 CVE-2013-5635 Credentials Management vulnerability in Checkpoint Endpoint Security
Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.
3.3
2013-11-30 CVE-2013-6392 Resource Management Errors vulnerability in Codeaurora Android-Msm
The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.
local
low complexity
codeaurora
CWE-399
4.9
2013-11-29 CVE-2013-6791 Information Exposure vulnerability in Microsoft Enhanced Mitigation Experience Toolkit 3.0
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
network
microsoft
CWE-200
nessus
4.3
2013-11-29 CVE-2013-6307 Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.0.0
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm
CWE-79
3.5
2013-11-29 CVE-2013-5463 Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.
network
ibm
CWE-264
4.3
2013-11-29 CVE-2013-5448 Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm
CWE-79
3.5
2013-11-29 CVE-2013-6885 Resource Management Errors vulnerability in AMD products
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
local
amd
CWE-399
nessus
4.7
2013-11-29 CVE-2013-6706 Improper Input Validation vulnerability in Cisco IOS XE
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
network
high complexity
cisco
CWE-20
nessus
5.4